
I have a simple application and am using sessions to let users in and out. I realized that when $_SESSION is set and I close my browser without logging out, the $_SESSION is destroyed by itself, so I changed my code so that I could extend the lifetime of the session. I hope that this way, when the user clicks the "remember me" checkbox, they can stay connected for two weeks.

I tried doing this, but to the best of my knowledge it's not working.

Below is my login script:

<?php

    session_start();
    //redirect if session is already set and it's not empty
    if(isset($_SESSION['usigh-ses']) and !empty($_SESSION['usigh-ses'])){
    header("location:home");
    }

    //require connection file
    require('include/dbc.php');


    // create empty variables to hold data
    $email = $password =$errors= $name= $name2= $u_avatar="";
    $emailErr = $passwordErr ="";

    $passwordbox =false;
    $emailbox =true;

    if(isset($_POST['submit'])){


    if(empty($_POST['email']) || ctype_space($_POST['email'])){
    $emailErr ="Please enter your email address.";
    }else{
    $email = trim(strtolower($_POST['email']));

    //Validate for correct email
    if(!filter_var($email,FILTER_VALIDATE_EMAIL)){
    $emailErr ="Enter a valid email address.";
    }
    } //end of email 




    if(empty($_POST['password'])|| ctype_space($_POST['password'])){
    //$passwordErr ="Please enter your password.";
    $errors ='<div class="topalerts"> Go ahead and enter your password</div>';


    }



    //Recheck validation 
    if($email !="" && !ctype_space($email) && filter_var($email,FILTER_VALIDATE_EMAIL)){


    //Ask database questions
    $sql = "SELECT * FROM $table_name WHERE Email ='$email' LIMIT 1";
    $result = mysqli_query($dbc_conn,$sql);
    $numrows =mysqli_num_rows($result);



    if($numrows > 0){
    while( $row =mysqli_fetch_assoc($result)){
    $db_email = $row['Email'];


    if($email == $db_email){

    if($row['avatar'] !=NULL){
    $image = $row['avatar'];
    $image_url = "uploaded/$image";
    if(file_exists($image_url)){
    $u_avatar = $row['avatar']; 
    }else{

    //Default profile avatar because OF ERROR OR FILE DO NOT EXIST  
    $u_avatar = "blank-profile.png";
    }

    }else{
    //Default profile avatar because row AVATAR is NULL 
    $u_avatar = "blank-profile.png";

    }






    //hide email div, show password div 
    $name = $row["FirstName"][0];
    $name2 = $row['FirstName'];
    $passwordbox =true;
    $emailbox =false;

    //check for valid password
    if(!empty($_POST['password']) and !ctype_space($_POST['password'])){

    $password = md5($_POST['password']);
    if( $password == $row['Password']){
    $rand = rand();

    //remember me feature
    if(isset($_POST['remember'] ) and $_POST['remember']=="yes"){

        $lifetime = 25200;
        session_set_cookie_params($lifetime,"/","localhost");
        $IsLoggIn=$_SESSION['usigh-ses'] = $row['id'];

        header("location:home?u=$IsLoggIn&search=$rand");
        }else{

        $IsLoggIn=$_SESSION['usigh-ses'] = $row['id'];  
        header("location:home?u=$IsLoggIn&search=$rand");
            }           







    //this user is online
    mysqli_query($dbc_conn,"UPDATE $table_name SET active=1 WHERE id ='$IsLoggIn' ");
    //redirect user


    }else{

    $errors ='<div class="topalerts"> The password you have entered is invalid. 
    Please provide a valid password of your account.</div>';
    $passwordErr = 'The email and password you entered don\'t match. ';

                    }
                }


            }


        }


    }else{
        $errors ='<div class="topalerts"> It seems you are not a registered member
         or your email is incorrect.Try again.</div>';
        $emailErr = "Sorry, your email could not be verified.";

        }



        }//end of recheck
        else{
            $errors ='<div class="topalerts">There were one or more errors in your submission.
             Please correct the mark fields below.</div>';
            }


    } //end of main submit
     ?>
James Favour
  • I am new here... can someone do it for me? Cuz I have toiled around Stack Overflow; it seems I saw similar questions, but they are not working for me. Somebody help please. – James Favour Apr 11 '16 at 14:19
  • That's kind of the thing with sessions - to only stay alive during the session. If you want to remember users you need to save a normal cookie, not a session cookie. Save some unique and secret token for each user on the server. Next store that in the cookie. If that cookie is found, match it against all tokens you've got stored, and perform some auto login. – Daniel Setréus Apr 11 '16 at 14:23
  • I think you have the idea... sorry to ask. Can you do it for me please, cuz I am new to PHP and am cracking my head here. lol @Daniel Stereus – James Favour Apr 11 '16 at 14:29
  • Nobody is helping? Oh... thanks guys – James Favour Apr 11 '16 at 15:00

0 Answers